帮同事看的,顺便记录一下。
寻找路由
反序列化处理出传入的json没啥跟进的,直接看UploadingFileInfo,有啥就可以定义啥
主要跟函数UploadingFileInfo
完整函数如下:
public string StoreFileAdvanced(UploadingFileInfo<string> fileUploadInfo, Stream fileStream)
{
string result = "";
string str = "_temp";
string str2 = string.Format("{0}_{1}_{2}", fileUploadInfo.UploadUserNo, string.Format("{0:yyyyMMddHHmmssffff}", fileUploadInfo.UploadTime), fileUploadInfo.FileName + str);
if (!Directory.Exists(FileUploadHelper.UploadFileFolder))
{
Directory.CreateDirectory(FileUploadHelper.UploadFileFolder);
}
using (FileStream fileStream2 = File.Open(FileUploadHelper.UploadFileFolder + Path.DirectorySeparatorChar.ToString() + str2, FileMode.Append))
{
this.SaveFile(fileStream, fileStream2);
fileStream2.Close();
}
string uploadFileFolder = FileUploadHelper.UploadFileFolder;
string text;
if (fileUploadInfo.IsUseMongdb)
{
text = string.Format("{0}_{1}_{2}", fileUploadInfo.UploadUserNo, string.Format("{0:yyyyMMddHHmmssffff}", fileUploadInfo.UploadTime), fileUploadInfo.FileName);
}
else
{
text = fileUploadInfo.FileName;
if (!Directory.Exists(uploadFileFolder))
{
Directory.CreateDirectory(uploadFileFolder);
}
if (File.Exists(uploadFileFolder + Path.DirectorySeparatorChar.ToString() + text))
{
File.Delete(uploadFileFolder + Path.DirectorySeparatorChar.ToString() + text);
}
}
if (fileUploadInfo.LastChunk)
{
File.Move(FileUploadHelper.UploadFileFolder + Path.DirectorySeparatorChar.ToString() + str2, uploadFileFolder + Path.DirectorySeparatorChar.ToString() + text);
UploadResult uploadResult = new FileUploadHelper().UploadFinished(new UploadFileInfo
{
FileName = fileUploadInfo.FileName,
FilePath = string.Format("{0}{1}{2}", FileUploadHelper.UploadFileFolder, Path.DirectorySeparatorChar, text),
Parameters = fileUploadInfo.ExtendInfo,
UniqueKey = fileUploadInfo.UniqueKey,
UploadMethodName = fileUploadInfo.UploadMethodName,
UserNo = fileUploadInfo.UploadUserNo,
IsUseMongdb = fileUploadInfo.IsUseMongdb,
IsUseCloud = fileUploadInfo.IsUseCloud,
CloudPath = fileUploadInfo.CloudPath,
Size = fileStream.Length
});
result = uploadResult.ID;
if (uploadResult != null && !string.IsNullOrEmpty(uploadResult.sErrInfo))
{
throw new Exception(uploadResult.sErrInfo);
}
}
return result;
}
通过上述代码可以看到需要UploadUserNo、LastChunk、FileName、IsUseMongdb、UploadTime
其中
if (fileUploadInfo.IsUseMongdb)
{
text = string.Format("{0}_{1}_{2}", fileUploadInfo.UploadUserNo, string.Format("{0:yyyyMMddHHmmssffff}", fileUploadInfo.UploadTime), fileUploadInfo.FileName);
}
else
{
text = fileUploadInfo.FileName;
if (!Directory.Exists(uploadFileFolder))
{
Directory.CreateDirectory(uploadFileFolder);
}
if (File.Exists(uploadFileFolder + Path.DirectorySeparatorChar.ToString() + text))
{
File.Delete(uploadFileFolder + Path.DirectorySeparatorChar.ToString() + text);
}
}
构造对应请求即可实现文件上传
原文始发于微信公众号(安全学习与分享):Enjoyoa-任意文件上传
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论